def create(self, name, text_targets, template):
"""Get scan by ID.
:param name: The name of the Scan to be created.
:param text_targets: A string of comma separated targets or a list of targets.
:param template: The name or title of the template, or an instance of Template.
:return: ScanRef referenced by id if exists.
"""
if isinstance(text_targets, list):
text_targets = ','.join(text_targets)
t = template
if not isinstance(t, Template):
t = self.template(name=template)
if not t:
t = self.template(title=template)
if not t:
raise TenableIOException(
u'Template with name or title as "%s" not found.' % template)
scan_id = self._client.scans_api.create(
ScanCreateRequest(t.uuid, ScanSettings(
name,
text_targets,
)))
return ScanRef(self._client, scan_id)
def scan_id(self, app, client, template):
"""
Create a scan for testing.
"""
scan_id = client.scans_api.create(
ScanCreateRequest(
template.uuid,
ScanSettings(
app.session_name('test_scans'),
TenableIOTestConfig.get('scan_text_targets'),
)))
yield scan_id
try:
client.scans_api.delete(scan_id)
except TenableIOApiException:
# This happens when the scan is not idling.
client.scans_api.stop(scan_id)
self.wait_until(
lambda: client.scans_api.details(scan_id),
lambda details: details.info.status in [
Scan.STATUS_CANCELED, Scan.STATUS_COMPLETED, Scan.
STATUS_EMPTY
])
client.scans_api.delete(scan_id)
def init_scan(new_host_ip, timestamp):
# Fetch a list of all scanners on the account and group them into a dictionary {scannerName: scannerId}
scanners = {
scanner.name: scanner.id
for scanner in tio_client.scanners_api.list().scanners
}
# Fetch a list of all folders on the account and group them into a dictionary {folderName: folderId}
folders = {
folder.name: folder.id
for folder in tio_client.folders_api.list().folders
}
# This controls the name formatting for the automatically generated scan.
scan_name = 'NNM Initiated Scan - New Host %s @ %s' % (new_host_ip,
timestamp)
# This controls which template is used, see the 'TEMPLATE_TYPE' variable at the top.
basic_template = tio_client.scan_helper.template(name=TEMPLATE_TYPE)
# Create the scan and use the corresponding scanner id for the scanner name supplied
scan_id = tio_client.scans_api.create(
ScanCreateRequest(
basic_template.uuid,
ScanSettings(scan_name,
new_host_ip,
folder_id=folders[FOLDER_NAME],
scanner_id=scanners[SCANNER_NAME])))
# Get the scanRef object using the previously returned scan id
scan_ref = tio_client.scan_helper.id(scan_id)
# launch the scan but don't block until it finishes
scan_ref.launch(wait=False)
def test_scans_agent_scan(client, new_agent_group):
template_list = client.editor_api.list('scan')
assert len(
template_list.templates) > 0, u'Expected at least one scan template.'
agent_group_uuid = client.agent_groups_api.details(new_agent_group).uuid
test_templates = [
t for t in template_list.templates if t.name == 'agent_basic'
]
scan_id = client.scans_api.create(
ScanCreateRequest(
test_templates[0].uuid,
ScanSettings(
'test_basic_agent_scan',
agent_group_id=[agent_group_uuid],
)))
# we need to launch the scan in order for some fields to be fully populated
client.scans_api.launch(scan_id, ScanLaunchRequest())
scan_details = client.scans_api.details(scan_id)
assert isinstance(
scan_details, ScanDetails
), u'The `details` method did not return type `ScanDetails`.'
assert scan_details.info.agent_targets is not None, u'Expected agent_targets attribute to be present.'
assert len(
scan_details.info.agent_targets
) == 1, u'Expected a single agent group to be included in agent_targets.'
assert scan_details.info.agent_targets[0].uuid == agent_group_uuid, \
u'Expected agent group uuid to match configured value.'
def create(self,
name,
text_targets,
template,
credentials=None,
policy_id=None,
policy_name=None):
"""Get scan by ID.
:param name: The name of the Scan to be created.
:param text_targets: A string of comma separated targets or a list of targets.
:param template: The name or title of the template, or an instance of Template.
:return: ScanRef referenced by id if exists.
"""
if isinstance(text_targets, list):
text_targets = ','.join(text_targets)
t = template
if not isinstance(t, Template):
t = self.template(name=template)
if not t:
t = self.template(title=template)
if not t:
raise TenableIOException(
u'Template with name or title as "%s" not found.' % template)
if not policy_id and policy_name:
p = self.policy(policy_name)
if not p:
raise TenableIOException(
u'Policy with name as "%s" not found.' % policy_name)
policy_id = p.id
if credentials and not isinstance(credentials, PolicyCredentials):
raise TenableIOException(
u'Credentials is not an instance of PolicyCredentials.')
if policy_id and credentials:
# create a new policy with the credentials
copy_custom_policy_id = self._client.policies_api.copy(policy_id)
payload = {"credentials": credentials.as_payload()}
self._client.put('policies/%(policy_id)s',
payload,
path_params={'policy_id': copy_custom_policy_id})
policy_id = copy_custom_policy_id
scan_id = self._client.scans_api.create(
ScanCreateRequest(
t.uuid, ScanSettings(
name,
text_targets,
policy_id=policy_id,
), credentials))
return ScanRef(self._client, scan_id)
def test_scans_configure(client, new_scan):
scan_id = new_scan
after_name = 'scan_name_edit'
client.scans_api.configure(
schedule_uuid=new_scan,
scan_configure=ScanConfigureRequest(settings=ScanSettings(
name=after_name,
text_targets=TenableIOTestConfig.get('scan_template_name'))))
scan_details = client.scans_api.details(schedule_uuid=new_scan)
assert scan_details.info.name == after_name, u'The returned scan name should match the the edited value.'
def new_scan_id(client):
template_list = client.editor_api.list('scan')
assert len(
template_list.templates) > 0, u'Expected at least one scan template.'
test_templates = [t for t in template_list.templates if t.name == 'basic']
return client.scans_api.create(
ScanCreateRequest(
test_templates[0].uuid,
ScanSettings(
'test_scan_fixture',
TenableIOTestConfig.get('scan_text_targets'),
)))
def test_configure(self, app, client, scan_id):
scan_details = client.scans_api.details(scan_id)
before_name = scan_details.info.name
after_name = app.session_name('test_scans_config', length=3)
client.scans_api.configure(
scan_id,
ScanConfigureRequest(settings=ScanSettings(
name=after_name,
text_targets=TenableIOTestConfig.get('scan_template_name'))))
scan_details = client.scans_api.details(scan_id)
assert scan_details.info.name == after_name, u'Name is reconfigured.'
client.scans_api.configure(
scan_id,
ScanConfigureRequest(settings=ScanSettings(
name=before_name,
text_targets=TenableIOTestConfig.get('scan_template_name'))))
scan_details = client.scans_api.details(scan_id)
assert scan_details.info.name == before_name, u'Name is reverted.'
def scan(self, app, client, scanner, template):
"""
Create scan for testing. Ensure there is one active (running or paused) scan in given scanner.
"""
scan_id = client.scans_api.create(
ScanCreateRequest(
template.uuid,
ScanSettings(app.session_name('test_scanners'),
TenableIOTestConfig.get('scan_text_targets'),
scanner_id=scanner.id)))
client.scans_api.launch(scan_id, ScanLaunchRequest())
scan_details = client.scans_api.details(scan_id)
assert scan_details.info.status in [
Scan.STATUS_PENDING, Scan.STATUS_RUNNING
], u'Scan is in launched state.'
scan_details = self.wait_until(
lambda: client.scans_api.details(scan_id), lambda details: details.
info.status in [Scan.STATUS_COMPLETED, Scan.STATUS_RUNNING])
assert scan_details.info.status == Scan.STATUS_RUNNING, u'Scan should be running to test pause.'
client.scans_api.pause(scan_id)
scan_details = client.scans_api.details(scan_id)
assert scan_details.info.status in [
Scan.STATUS_PAUSED, Scan.STATUS_PAUSING
], u'Scan is pausing.'
scan_details = self.wait_until(
lambda: client.scans_api.details(scan_id),
lambda details: details.info.status in [Scan.STATUS_PAUSED])
assert scan_details.info.status == Scan.STATUS_PAUSED, u'Scan is paused.'
yield scan_details
try:
client.scans_api.delete(scan_id)
except TenableIOApiException:
# This happens when the scan is not idling.
client.scans_api.stop(scan_id)
self.wait_until(
lambda: client.scans_api.details(scan_id),
lambda details: details.info.status in [
Scan.STATUS_CANCELED, Scan.STATUS_COMPLETED, Scan.
STATUS_EMPTY
])
client.scans_api.delete(scan_id)
# Establish the login session using our client API helper.
client = TenableIOClient(access_key=accessKey, secret_key=secretKey)
# Fetch a list of all scanners on the account and group them into a dictionary {scannerName: scannerId}
scanners = {scanner.name: scanner.id for scanner in client.scanners_api.list().scanners}
# Fetch a list of all folders on the account and group them into a dictionary {folderName: folderId}
folders = {folder.name: folder.id for folder in client.folders_api.list().folders}
# Fetch the template uuid to be used in our call to launch the scan.
template = client.scan_helper.template(name=scanTemplate)
# Create the scan and use the corresponding scanner id for the scanner name supplied
scan_id = client.scans_api.create(
ScanCreateRequest(
template.uuid,
ScanSettings(
scanName,
scanTarget,
folder_id=folders[folderName],
scanner_id=scanners[scannerName]
)
)
)
# Get the scanRef object using the previously returned scan id
scan = client.scan_helper.id(scan_id)
# launch & download the scan result
scan.launch().download('{}.nessus'.format(scanName), scan.histories()[0].history_id, format=ScanExportRequest.FORMAT_NESSUS)
def create_tenable_scan(**kwargs):
"""
Schedule scan job in Tenable.io account
:param kwargs: list of arguments (see call function details)
:return: datetime object
"""
# Assign arguments
settings = kwargs['settings'][kwargs['scan_target']]
client = kwargs['client']
logger = kwargs['logger']
scan_time = kwargs['scan_time']
# Scan name time part
settings['policy'] = get_tenable_policy_uuid(
client=client, policy_name=settings['policy_name'])
settings['folder_id'] = get_tenable_folder_id(
client=client, folder_name=settings['folder_name'])
# Set correct ACLs
acls = [{
'display_name': settings['acl_name'],
'name': settings['acl_name'],
'id': settings['acl_id'],
'permissions': settings['acl_permissions'],
'type': 'group'
}]
targets, scan_time = get_composed_scan_jobs(
projects=kwargs['target'],
license_count=kwargs['settings']['TENABLE.IO']['license_count'],
scan_settings=settings,
scan_time=scan_time)
# Create and launch scans in Tenable
for target in targets:
project = targets[target]
# Set scan name
scan_name = "{0}-{1}-{2}".format(targets[target]['starttime'],
settings['name'], project['name'])
# Set scan targets
targets_list = [address['target'] for address in project['targets']]
targets_str = ",".join(targets_list)
settings['text_targets'] = targets_str
# Create scan object
scan_settings = ScanSettings(name=scan_name,
emails=settings['emails']
if 'emails' in settings.keys() else False,
enabled=settings['enabled'],
starttime=targets[target]['starttime'],
rrules=settings['rrules'],
timezone=settings['timezone'],
folder_id=settings['folder_id'],
policy_id=settings['policy'].id,
scanner_id=settings['scanner_id'],
text_targets=targets_str,
acls=acls)
scan_request = ScanCreateRequest(uuid=settings['policy'].template_uuid,
settings=scan_settings)
client.scans_api.create(scan_request)
logger.info("Successfully created scan {0}".format(scan_name))
return scan_time
